An information security awareness capability model (ISACM)

Poepjes, Robert and Lane, Michael (2012) An information security awareness capability model (ISACM). In: 10th Australian Information Security Management Conference (SECAU 2012), 3-5 Dec 2012, Perth, Western Australia.

PDF (Published Version)

Download (1066Kb)


A lack of information security awareness within some parts of society as well as some organisations continues to exist today. Whilst we have emerged from the threats of late 1990s of virus such as Code Red and Melissa, through to the phishing emails of the mid 2000’s and the financial damage some such as the Nigerian scam caused, we continue to react poorly to new threats such as demanding money via SMS with a promise of death to those that won’t pay. So is this lack of awareness translating into problems within the workforce? There is often a lack of knowledge as to what is an appropriate level of awareness for information security controls across an organisation. This paper presents the development of a theoretical framework and model that combines aspects of information security best practice standards as presented in ISO/IEC 27002 with theories of Situation Awareness. The resultant model is an information security awareness capability model (ISACM). A preliminary survey is being used to develop the Awareness Importance element of the model and will leverage the opinions of information security professionals. A subsequent survey is also being developed to measure the Awareness Capability element of the model. This will present a number of scenarios with a series of cascading questions that test Level 1 situation awareness (perception), Level 2 situation awareness (comprehension) and finally Level 3 situation awareness (projection).

Statistics for USQ ePrint 22283
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: No evidence of copyright restrictions preventing deposit.
Faculty / Department / School: Historic - Faculty of Business and Law - School of Information Systems
Date Deposited: 09 Jan 2013 23:55
Last Modified: 17 Sep 2014 03:21
Uncontrolled Keywords: IT security, awareness, situation awareness, ISO27000, awareness importance, awareness capability, awareness risk
Fields of Research : 08 Information and Computing Sciences > 0899 Other Information and Computing Sciences > 089999 Information and Computing Sciences not elsewhere classified
08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
08 Information and Computing Sciences > 0806 Information Systems > 080609 Information Systems Management
Socio-Economic Objective: E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences

Actions (login required)

View Item Archive Repository Staff Only